Tamper resistant counters

Abstract

A method of persistently storing event counts includes generating, using a secret cryptographic key, a sequence of numbers arranged in a pseudorandom order. The sequence of numbers is indicative of a sequence of addresses of cells in an array of cells. Each cell in the array of cells is programmable from an initial state to a programmed state to persistently encode data indicative of counter values associated with a particular event. The method also includes comparing addresses of cells having the programmed state with the sequence of addresses to determine whether a tampering event occurred at the array of cells. The method further includes, based on the determination, authenticating the array of cells or performing a countermeasure.

Description

FIELD OF THE DISCLOSURE[0001]The present disclosure is related to one-time programmable memory cell counters.BACKGROUND[0002]In a security device, certain events have to be counted and the counter value has to be preserved over numerous power cycles. For example, in a flight application, the number of times a flight computer is powered on is counted and the counter value is preserved over numerous cycles. Sensitive information or data can be encrypted based on the counter value and stored at a flight computer in a storage device, which may be accessible to an attacker (e.g. a disk drive). To preserve the counter value over prolonged or unanticipated power down events, the security device can implement a counter using one-time programmable memory cells, which are embedded in the security device, and thereby cannot be illicitly replaced. For example, each time the flight computer is powered on, the security device can change the state of particular one-time programmable memory cells f...

AI Technical Summary

Benefits of technology

The patent describes a way to improve security for devices that use one-time programmable memory cells to count events. By programming the cells in a random order, the likelihood of an attacker being able to successfully reset the cells and access data associated with a previous counter value is reduced. The device also uses a secret cryptographic key to generate a second sequence of numbers, which is indicative of the number of cells in the array of cells. This further enhances the security of the device.

Problems solved by technology

However, certain physical attacks can reset or destroy targeted one-time programmable memory cells.

An attacker sometimes can, with expensive, large, sophisticated equipment reset some of the one-time programmable cells; however, the security device can detect such an external cell-reset attack if an invalid bit pattern is detected.

Because pseudorandom bits are programmed each time the event occurs to increase the counter value, an attacker will not know which bit patterns are valid.

As a result, attempts to reset some one-time programmable memory cells to replay an earlier counter value likely will result in an invalid bit pattern.

Even if an attacker is able to observe earlier counter values, the associated programmed cells are dispersed among all the cells, and resetting such patterns of cells is extremely difficult.

The secret cryptographic key 202 is unique among application-specific integrated circuits (ASICs) at a relatively high probability and therefore unpredictable.

As a result of the techniques described with respect to FIGS. 1-2, conventional attacks or techniques for resetting one-time programmable memory cells may be unsuccessful.

However, because heating a die with a focused laser will likely destroy a large number of proximate cells 106 (e.g., destroy different sections 104 at a time), the bit patterns resulting from such an attack will likely indicate an invalid counter value.

The techniques described with respect to FIG. 5 for detecting an invalid counter value reduce the likelihood that straightforward techniques for resetting one-time programmable memory cells are successful.

However, because heating a die with a focused laser will likely destroy a large number of proximate cells 106 (e.g., destroy different sections 104 at a time), the bit patterns resulting from such an attack will likely indicate an invalid counter value.

Images